> -----Oorspronkelijk bericht----- > Van: njo...@megan.vbhcs.org [mailto:owner-postfix-us...@postfix.org] > Namens Noel Jones > Verzonden: maandag 9 november 2015 16:05 > Aan: postfix-users@postfix.org > Onderwerp: Re: Disable spooling > > On 11/9/2015 3:46 AM, Paulo Matos wrote: > > Hi, > > > > I have configured postfix with virtual users and virtual domains so I > > have it configured to serve two domains AAA.com and BBB.com. However, > > the machine hostname > > is centauri (none of the hostname its serving). Reverse DNS is enabled > > to one of the domains. I think that as a result of this setup I am > > getting a good chunk of my emails blocked by google with the following > > message: > > > > -------- > > Reporting-MTA: dns; centauri > > X-Postfix-Queue-ID: D8B6D22FD3 > > X-Postfix-Sender: rfc822; pa...@matos-sorge.com > > Arrival-Date: Thu, 5 Nov 2015 10:40:10 +0000 (GMT) > > > > Final-Recipient: rfc822; x...@yyy.com > > Original-Recipient: rfc822; x...@yyy.com > > Action: failed > > Status: 5.7.1 > > Remote-MTA: dns; aspmx.l.google.com > > Diagnostic-Code: smtp; 550-5.7.1 > > Our > > system has detected an 550-5.7.1 unusual rate of unsolicited mail > > originating from your IP address. To 550-5.7.1 protect our users > > from spam, > > mail sent from your IP address has been 550-5.7.1 blocked. Please > visit > > 550-5.7.1 https://support.google.com/mail/answer/81126 to review > > our Bulk > > Email 550 5.7.1 Senders Guidelines. ju5si7198479wjc.28 - gsmtp > > ---------- > > > > The problem is most likely that Reporting-MTA doesn't match any of the > > hostnames of the email we are sending from. > > No, the problem is most likely google thinks they are receiving an > unusual rate of unsolicited mail from your IP. > > - First, set your SMTP HELO hostname to match your rDNS hostname with > http://www.postfix.org/postconf.5.html#smtp_helo_name > This probably won't fix the problem with google, but may help with > other sites that don't like a non-FQDN or nonexistent HELO name. > > - configure your network gateway firewall such that client machines > cannot access outgoing port 25 to prevent an infected client machine > on your network from directly sending mail to the internet. > > - configure SPF, DKIM, and DMARC for your domains. Looks as if you > have SPF setup already. > > > > -- Noel Jones
I suggest the following. (this is obligated by RFCs) Make sure your helo mail-hostname.domain.tld has an A record. Helo hostname must be resolvable. Make sure your hostname.domain.tld has an A and RR (PTR) record. Most server do not block on this because you wil be blokking to many servers Lots of hosts give "unknown" back so rejecting on unknown_hostname is not good imo. But an easy setting users/mail server managers can do is make sure the dns And helo is correct. So i do block on reject_invalid_helo_hostname reject_unknown_helo_hostname And report back that the have incorrect server/dns settings. My hostname of my server for example is core.domain.tld (server hostname) In postfix i have mail.domain.tld (helo hostname) .. myhostname = mail.domain.tld And you can set the same hostname in postfix and use that also for your server, but i dont recommend that. Then thats done, login at google, use the administrative tools from google to check your environment. Greetz, Louis
